Re: [hybi] More on Payload Masking
Brodie Thiesfield <brodie@jellycan.com> Thu, 11 November 2010 23:32 UTC
Return-Path: <brofield@gmail.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 65C733A697F for <hybi@core3.amsl.com>; Thu, 11 Nov 2010 15:32:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Unh6qNapuhkm for <hybi@core3.amsl.com>; Thu, 11 Nov 2010 15:32:52 -0800 (PST)
Received: from mail-qw0-f44.google.com (mail-qw0-f44.google.com [209.85.216.44]) by core3.amsl.com (Postfix) with ESMTP id 4755F28C0EB for <hybi@ietf.org>; Thu, 11 Nov 2010 15:32:52 -0800 (PST)
Received: by qwb7 with SMTP id 7so2555920qwb.31 for <hybi@ietf.org>; Thu, 11 Nov 2010 15:33:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:sender:received :in-reply-to:references:date:x-google-sender-auth:message-id:subject :from:to:content-type; bh=vtgSQ0uI95r68+aFUaLbEID6t42Wp4c0SVd0f65NxVI=; b=lGleMKJB4ZCQqGkGllfgfl3x2T05xyPRLTn/I0A0y0q/I6VdqMYDQIzAs/buqLdkXS MOUekudyjRbkhZe42PF9WdGP5erY8/8+57s/nUBJXqNVR+4SW4nB4dgoqTDr4NyHTajH P7H7z8HjcS8UFPxtQFd1PzEFwYtinNx0WKjiQ=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type; b=V0BRk+SjUQV33lDCU3XNFPJVeVGNQk5A8ewsCUqTo97o0YC5zj+DeTLdfSusaJYl+B a//t2q4bbFBe+xWr6XI08oBYI0YGo6etZmGCe53LOlP90U7Yyq6vsOTT2WyXp0Uejc4K X7i/xrGVEY5xaqOmv9mHcmoFshBOok0neu53w=
MIME-Version: 1.0
Received: by 10.229.215.213 with SMTP id hf21mr1259613qcb.189.1289518402903; Thu, 11 Nov 2010 15:33:22 -0800 (PST)
Sender: brofield@gmail.com
Received: by 10.229.28.73 with HTTP; Thu, 11 Nov 2010 15:33:22 -0800 (PST)
In-Reply-To: <4CDC2938.8080303@caucho.com>
References: <AANLkTi=Q3oAM1rdqPHTLffN_yEGPCY9VM0CXPiNU4R79@mail.gmail.com> <AANLkTimVS=yxw8subceZu8=fEuiJCQgF7rg4DYx_vzqn@mail.gmail.com> <20101111062936.GB487@1wt.eu> <4CDC2938.8080303@caucho.com>
Date: Fri, 12 Nov 2010 08:33:22 +0900
X-Google-Sender-Auth: I7W-KiFJkdoGRiUymBmzxhPH5tY
Message-ID: <AANLkTimz=s-pETiEFyodQPF9sgV-jkEE-QJQ9VvKR6ys@mail.gmail.com>
From: Brodie Thiesfield <brodie@jellycan.com>
To: Hybi <hybi@ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"
Subject: Re: [hybi] More on Payload Masking
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Nov 2010 23:32:53 -0000
On Fri, Nov 12, 2010 at 2:34 AM, Scott Ferguson <ferg@caucho.com> wrote: > Repeating Willy's point for emphasis: a keepalive server/proxy must parse > all framing content for keepalives to work, including http headers, > chunking, etc. for both the request and the response. It cannot skip invalid > bytes and continue the keepalive. Because there's no way to recover from the > framing errors, the server/proxy needs to close the connection after the > error if the HTTP framing breaks. Since there is concern that a server may continuing to process the HTTP stream after an Upgrade, then just include data in the stream specifically for that possibility. Immediately following the CRLF of the upgrade request, require the client to send a fixed string that is basically valid HTTP and requests connection close. WEBSOCKET / HTTP/1.1 ... CRLF "WS !" CR LF "Connection: close" CR LF CR LF The string is a HTTP 0.9 request with nothing but a connection close header. Any server actually processing it is encouraged to disconnect via the unknown method, unknown URL, use of HTTP 0.9 and the Connection close header. It costs 27 bytes. In return for this overhead, any server which continues to process the stream *should* consider this the last message on it. It relies on these servers to support closing the connection after bad requests and when requested, but surely at some stage we need to trust the server to do something right. Intermediatries supporting Upgrade should not be acting on the stream after the 101 response. Servers implementing WebSockets know to ignore it. I don't believe that it is a panacea, but it would add encouragement to non-supporting servers to disconnect. Regards, Brodie
- Re: [hybi] More on Payload Masking John Tamplin
- Re: [hybi] More on Payload Masking Bjoern Hoehrmann
- Re: [hybi] More on Payload Masking Bjoern Hoehrmann
- [hybi] More on Payload Masking Zhong Yu
- Re: [hybi] More on Payload Masking John Tamplin
- Re: [hybi] More on Payload Masking Bjoern Hoehrmann
- Re: [hybi] More on Payload Masking Bjoern Hoehrmann
- Re: [hybi] More on Payload Masking John Tamplin
- Re: [hybi] More on Payload Masking Greg Wilkins
- Re: [hybi] More on Payload Masking Willy Tarreau
- Re: [hybi] More on Payload Masking Scott Ferguson
- Re: [hybi] More on Payload Masking Zhong Yu
- Re: [hybi] More on Payload Masking Zhong Yu
- Re: [hybi] More on Payload Masking John Tamplin
- Re: [hybi] More on Payload Masking Zhong Yu
- Re: [hybi] More on Payload Masking Brodie Thiesfield